Organizational Integrity Program

Please keep in mind that our organization will soon mandatethe use of “strong passwords” for all Novell accounts and workstations.

What is a strong password?

A strong password has each of the following components:

• At least 8 characters
• Combination of Upper and Lower Case Letters
• At least 1 number
• At least 1 special character (symbols or punctuation)

What does this mean to you?

The use of a strong password will be configured into Novell and your workstation, requiring you to use a strong password to access Novell and your workstation. In other words, you will not be able to log into Novell or your workstation unless you use a strong password.

Why will strong passwords be required?

The privacy and security standards contained in the Health Insurance Portability and Accountability Act (“HIPAA”) require healthcare providers to take security measures to safeguard patient information. These requirements have been further strengthened by the new HITECH law, enacted as part of President Obama’s stimulus legislation.

When employees use passwords that are simple and easily guessable (i.e., “weak”), it provides an opportunity for others to gain unauthorized access to the information system. A weak password typically is alpha/numeric with a symbol and is no longer than 6 characters. A weak password could take a hacker 22 HOURS to crack; even worse, an alpha-only weak password of 6 characters could be cracked in as little as 90 minutes! In contrast, a strong password using alpha/numeric and a symbol that is up to 8 characters could take a hacker 23 YEARS to crack.

1. Take a familiar word and format it like an email, such as “Summer@2002.com” or “jennieC@06.com”; this is easy to type, easy to remember, 15 characters long, upper and lower case, and uses 2 special characters.

2. Create "input rules" to help you remember the password. Example: For each password place a special character at the beginning, make the 2nd character a capital, and place a number 1 character from the end (the user can also pick a word that is application specific, such as Cerner) = >cErne1r this formula can be reused each time the user needs to change the password making it easier to remember; additionally, the user can easily increment the number making the password easy to remember = >cErne2r

3. Create a pass phrase, such as "I traveled to key west in 2002", and then take the first letter from each word, change one character to a special symbol and use two digits from the year = I!tkwi02 OR Ittkwi02. OR |Ttkwi02; you can also move the numbers around = 0Ittkwi2; this allows the user to continue to use the same password repeatedly by just changing the sequence.